Hi all,

I have a FreeBSD server behind NAT (on an RFC1918 address). The NAT
machine is actually an NT box on a network we don't have access to.
(So, it is not possible, for instance, to set up port based NAT for
inbound SSH, which is one of two things I'd normally do). The server
can, however, initiate arbitrary outbound connections.

So, I'm fishing for a tech workaround to this management problem. :-)

I need to be able to have an interactive SSH session on the server
(Server) from another host (Manager) on the Internet (for remote
management). That is, I need to connect to Server to do remote

               <--- NAT --->
[ Server ] --- [ NT Gateway ] --- { Internet } --- [ Manager ]

Manager is a highly available FreeBSD server (i.e., static public IP).

The first thing that comes to mind is some kind of "pull" technique to
have *Server* initiate the connection. Server already initiates cron'd
SSH connections to Manager to do automated backup/rsync tasks, but I
can't think of a way to actually start an interactive login in that

So far the best I've come up with is to configure a secure known path
on Manager for batch scripts (so, not really interactive, but close
enough for 90% of tasks) and have Server simply attempt to scp (pull)
the file at regular intervals, and execute its contents. Server can
capture the output and scp (push) that back to Manager. Manager never
actually initiates anything. Obviously, this will be a leading cause
of ass pain in troubleshooting scenarios, and will be a *real* pain
for anything that actually requires an interactive session.

Unfortunately, that idea has, so far, been the *last* thing to come to
mind. Any *other* ideas? :-)

- Ryan

  Ryan Thompson <[EMAIL PROTECTED]>

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

        Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America
